BUSTED: Anti Spam Forces Bankrupt Super-Spammer Scott Richter

Written by Paul Judge, CTO, CipherTrust, Inc.

Microsoft scores one for good guys Scott Richter, self-proclaimed “Spam King,” just can’t seem to get enough attention. Admittedly responsible for sending literally billions of Unsolicited Commercial Email messages (UCE), Richter made headlines again recently when his spam-fed cash cow, OptInRealBig.com, filed for bankruptcy protection in U.S. federal court in his home state of Colorado. According to Richter’s father (who is also his attorney), “It’s legal fees that are battering company. OptIn is profitable but for these lawsuits.”

At time of its bankruptcy filing, OptInRealBig.com claimed assets of less than $10 million and liabilities of over $50 million. Richter claimed his company made $15 million a year sending more than 15 million email messages per day. However, in 2003, OptInRealBig was dealt a powerful 1-2 punch from Microsoft and Eliot Spitzer, Attorney General of New York; both sued Richter under local state anti spam laws. Although New York case was settled out of court last year, Richter has had no such luck dealing with Microsoft, whose claims top $19 million.

A Case of Global Amnesia? Richter's company and others like it market products ranging from diet pills to pornography. He’s also been accused of using spam to extract personal information from unsuspecting recipients. For instance, one alleged scheme hatched by Richter and his associates promised recipients a copy of a "Girls Gone Wild" DVD if recipient registered on a website. The registration information was then used to bombard recipient with more and more spam.

Richter contends that his methods are all legal, and that he’s just a regular guy trying to do right by world; he’s even gone so far as to claim that he’s a “victim” of overzealous anti spam companies and prosecutors. “We don't spam,” explained Richter in an August 2004 PC World interview. “The biggest problem is when people get an email that they think they didn't sign up for or don't remember signing up for, and they call it spam.”

To hear Richter tell it, tens of millions of people simply forgot that they had previously asked to receive his messages. According to state of New York, however, he falsified header information and used deceptive routing and domain purchase practices in order to get his messages through. The lawsuit also accused Richter of using a network of approximately 500 “zombie” computers to send his messages. When asked how so many users could have subscribed and not remember doing so, Richter claimed signups must have been via anonymous "partners of our partners" web sites, names of which slipped his mind.

Spammer in the Slammer: Jeremy Jaynes Sentenced to Nine Years

Written by Paul Judge, CTO, CipherTrust, Inc.

Will other spammers take heed? Don’t count on it. Jeremy Jaynes was on top of world. By age 28, he owned a million-dollar home, a high-class restaurant, a chain of gyms and countless other toys. Yet those were only spoils of his main line of business, which was swindling innocent people out of their money through email scams. From an unassuming house serving as his company’s headquarters in Raleigh, NC, Jaynes sent an estimated ten million messages a day pitching products most recipients didn't want, amassing an estimated $24 million fortune in process. Using aliases such as Jeremy James and Gaven Stubberfield, Jaynes spammed his way up to #8 position on Spamhaus’ Register Of Known Spam Operations (ROKSO) and grossed as much as $750,000 a month, allowing him to live like a king.

However, Jaynes ran head-on into an information superhighway road block when a Virginia judge sentenced him to nine years in prison for his November 2004 conviction on felony charges of using false IP addresses to send mass email advertisements (some just call it spamming). The conviction was a landmark decision, as Jaynes became first person in United States convicted of felony spam charges. Though his operation was based in North Carolina, Jaynes was tried in Virginia because it is home to a large number of routers that control much of North America's Internet traffic (it’s also home of AOL and a government building or two).

He should’ve Used Privacy Software During trial, prosecutors focused on three of Jaynes’ most egregious scams: software that promised to protect users' private information; a service for choosing penny stocks to invest in; and a work-from-home "FedEx refund processor" opportunity that promised $75-an-hour work but did little more than give buyers access to a website of delinquent FedEx accounts. Sound familiar? Anyone with an e-mail address has received countless messages originating from Jaynes’ operation. (If you’re still waiting on your privacy software to show up, it’s probably safe to stop checking mailbox.)

Jaynes got lists of millions of email addresses through a stolen database of America Online customers. He also illegally obtained e-mail addresses of eBay users. While prosecutors still don't know how Jaynes got access to lists, Associated Press reported that AOL names matched a list of 92 million addresses that an AOL software engineer has been charged with stealing.